Fieldwork

Security

How we protect your data

Fieldwork is built on secure infrastructure. This page describes the specific controls in place across our application, data handling, and access model.

Last security review: 2026-04-21


Infrastructure

  • Encrypted transport and storage. All connections use TLS. Data at rest is encrypted using AES-256 via AWS-managed controls.
  • Restricted production access. Access to production systems is limited to authorised team members and logged.
  • Network isolation. Application, database, and storage layers are isolated through managed cloud controls.

Application security

  • Strict workspace separation. Each workspace's interviews and transcripts are only visible to people you add there. Boundaries are enforced in the database as well as in the application.
  • Passwordless authentication. Sign-in uses magic links, so there is no password database for credential stuffing attacks to target.
  • Rate limiting and abuse controls. Automated limits protect interview and AI endpoints from overload and misuse.
  • Scoped background processing. Summaries, exports, and billing jobs are tied to a single workspace so work cannot leak across customers.
  • Enterprise SSO support. Enterprise plans can enable SSO through their identity provider.

Certifications (via sub-processors)

  • SOC 2 Type II: Database & auth (AWS)
  • SOC 2 Type II: Application hosting
  • PCI DSS Level 1: Stripe
  • ISO 27001: AWS


Current limitations

We are direct about what we do not yet have.

  • SOC 2 certification (Fieldwork). Our infrastructure sub-processors are SOC 2 certified. We will pursue our own audit as the business scales.
  • Independent penetration test. Not yet commissioned. Planned before targeting enterprise customers at scale.
  • TOTP 2FA. Magic link authentication removes password-based attack vectors. A separate TOTP option is not currently available.

Responsible disclosure

If you discover a vulnerability, email hello@dofieldwork.io with details and reproduction steps. We acknowledge reports within 3 business days and aim to resolve confirmed issues within 30 days.

Last updated: 2026-04-21 · Questions: hello@dofieldwork.io · Locallabs Pty Ltd (ABN 74 688 587 260), Queensland AU